(54) Secure remote subscription module access

(57) Disclosed is a method of granting a client communications terminal access to a subscription module of a server communications terminal, the method comprising the steps of establishing a communications link between the client communications terminal and the server communications terminal; communicating data related to the subscription module between the server communications terminal and the client communications terminal via the communications link; authenticating the client communications terminal by the subscription module using a key-based authentication procedure; and initiating the step of communicating data related to the subscription module conditioned on a result of the step of authenticating the client communications terminal. The present invention further relates to an arrangement for granting access to a subscription module in a communications system. The present invention also relates to a server communications terminal comprising a subscription module, a client communications terminal and a subscription module.
Description

[0001] This invention relates to a method of granting a client communications terminal access to a subscription module of a server communications terminal. The present invention further relates to an arrangement for granting access to a subscription module in a communications system. The present invention also relates to a server communications terminal comprising a subscription module, a client communications terminal and a subscription module.

[0002] In many wireless communications systems, communications terminals are equipped with a subscription module. When a subscriber requests a communication service it is determined, via said subscription module, whether the subscriber is qualified to receive the communication services which the system provides. For this purpose, a subscriber identity is assigned to a terminal in a wireless communications system which uses a subscriber identity medium. In order to get access to the communications services, the communications terminal needs to have access to security sensitive information which is unique to the subscription and which is stored in the subscription module.

[0003] The term communications terminal includes all portable radio communications equipment to which a subscriber identity is assigned, such as a mobile telephone, a communicator, an electronic organiser, a personal digital assistant (PDA), or the like. The wireless communications system may, for instance, be any cellular mobile phone system such as GSM (Global System for Mobile Communications) or any satellite telecommunication system.

[0004] In the context of GSM, subscription is based on a SIM (subscriber identity module) card, i.e. the subscription module is implemented as a SIM card attached to a mobile terminal. The SIM card includes a ROM (Read Only Memory), a RAM (Random Access Memory), an EEPROM (Electrically Erasable Programmable Read Only Memory), a processor unit and an interface to the communications terminal. The memory of the SIM provides storage of the subscriber identity, which is the International Mobile Subscriber Identity (IMSI) in a GSM network. Except for emergency calls, the terminal can only be operated if a valid SIM is present. The SIM supports a security function for verification of the user of the terminal and for authentication of the user to the GSM network. The SIM further comprises information elements for GSM network operations, e.g. related to the mobile subscriber or to GSM services.
[0005] In the above described context, if a user would like to use a SIM card, i.e. a single subscription, to connect to a wireless communications network from several different personal mobile terminals, he or she needs to manually remove the SIM card from one device and put it into another device. In order to avoid this inconvenient operation it is advantageous if the wireless communication system allows more than one communications terminal to share the same subscriber identity without the user having to pay for more than one subscription.
[0006] The international application WO 99/59360 discloses an arrangement for communicating SIM related data in a wireless communications system between a wireless communications terminal and a subscriber identity terminal including a subscriber identity unit with a SIM card. The wireless communications terminal and the subscriber identity terminal are separated from each other, but may communicate with each other via a local wireless communications link within a radio frequency range. SIM related data is communicated over the local wireless communications link. Hence the above prior art system allows a simplified sharing of a subscription module by several communications terminals. Instead of moving the SIM card between different mobile terminals, direct wireless access to the SIM card over an air interface is realised. In the above prior art, the local wireless communications link is encrypted in order to establish a secure wireless communications link that hinders third party interception of sensitive information.
[0007] However, the above prior art system involves the problem that the client terminal may be under the control of a dishonest user who may misuse the access gained to the subscription module. Furthermore, if the local wireless communications link is a link to a local wireless network, such as a Bluetooth piconet, the link between the client terminal and the server terminal may comprise several wireless connections involving intermediate terminals, thereby causing the security of the communications link to be difficult to control, even though the individual communications links may be encrypted. Hence, there is a risk of unauthorised interception and use of sensitive data related to the subscription module.
[0008] The above and other problems are solved when a method of granting a client communications terminal access to a subscription module of a server communications terminal, the method comprising the steps of

- establishing a communications link between the client communications terminal and the server communications terminal; and
- communicating data related to the subscription module between the server communications terminal and the client communications terminal via the communications link

is characterised in that the method further comprises the steps of

- authenticating the client communications terminal by the subscription module using a key-based authentication procedure; and
- initiating the step of communicating data related to the subscription module conditioned on a result of the step of authenticating the client communications terminal.

[0009] Consequently, the present invention provides a secure end-to-end authentication between the subscription module and the client communications terminal. According to the present invention, the internal communication between the subscription module and the server communications terminal is protected as well as the communication between the client and server communications terminals, thereby providing protection of the entire communications path. For example, when a user of the subscription module enters a PIN in order to activate the subscription module, this information is authenticated end-to-end, i.e. between the subscription module and the client communications terminal, thereby providing considerably improved security against unauthorised use of the sensitive information on the subscription module.

[0010] Therefore, the present invention allows a re- 
mote device to securely use the subscription module of 
another device in order to get access to important infor- 
mation or functions needed for example to connect to a 
cellular network. 

[0011] The communications link may be an electric link or a wireless communications link, such as an electro-magnetic, magnetic or inductive link. Examples of electro-magnetic links include radio-frequency links, optical links, infrared links and microwave links; ultrasound links are a further example of a wireless link. For example, the communications link may be a radio link according to the Bluetooth standard, i.e. a short-range wireless technology that enables different units to communicate with relatively high speed. Bluetooth as well as other short-range wireless technologies make it possible to set up fast connections between different personal computing devices like a mobile phone, a Personal Digital Assistant (PDA), etc.
[0012] The term communications terminal comprises any electronic equipment including communications means adapted to establish a communications link as described above, or part of such electronic equipment. The term electronic equipment includes computers, such as stationary and portable PCs, stationary and portable radio communications equipment, etc. The term portable radio communications equipment includes mobile radio terminals such as mobile telephones, pagers, communicators, e.g. electronic organisers, smart phones, PDAs, or the like.
[0013] The term subscription module comprises modules which may be removably inserted into a communications terminal, such as a smart card, a SIM card, a wireless identity module (WIM) card, or the like. The term subscription module further comprises modules which are physically inseparable from the server communications terminal. In one embodiment, the subscription module may comprise a security unit comprising a processing unit for performing the authentication, and storage means for storing one or more keys for use during authentication. The storage means may be an integral part of the security unit, removably insertable, or the like.

[0014] The data communicated between the client and the server communications terminal may be data stored in the subscription module which may be required to register the client communications terminal in a cellular network, to establish a communications connection, e.g. a voice, fax, or data call, hereafter referred to as a "call", from the client communications terminal, to receive a call from the network directed to a telephone number associated with the subscription module, to authorise payments or other transactions, to access functionality or interfaces of the server communications device, or the like. The data may further comprise subscription authorisation data, e.g. a PIN code entered by a user of the client communications terminal and sent to the server communications terminal. The data may further comprise address data, phone books, or any other sensitive data related to the subscription module. The communication of data may comprise the transmission of data from the server communications terminal to the client communications terminal and/or the transmission of data from the client communications terminal to the server communications terminal. Hence, access to the subscription module involves access to the data related to the subscription module, i.e. the transmission of data to the subscription module, the reception of data from the subscription module, or the like.

[0015] The subscription module may be able to au- 
thenticate a number of different client communications 
devices. 

[0016] When the method further comprises the step of authenticating the subscription module by the client communications terminal using the key-based authentication procedure, additional security is achieved, as only an authorised subscription module is trusted by the client communications terminal. Hence, the user of the client communications device can be sure that the client communications device communicates with the correct and trusted subscription module. This is a particular advantage if the user of the client communications terminal wishes to send sensitive data to the subscription module, e.g. PIN codes, account data, personal data, etc.

[0017] In a preferred embodiment of the invention, the key-based authentication procedure is a symmetric authentication procedure based on a first secret key stored in both the client communications terminal and the subscription module. Hence, the authentication is based on a common shared secret between the client communications device and the subscription module, which may be used to authenticate the client communications device and/or the subscription module. It is an advantage of the embodiment that it provides an efficient and highly secure mechanism of authentication. The first secret key may be a long-lived key, and the subscription module may be pre-configured with that key. Alternatively or additionally, a temporary secret may be used, allowing a client communications device temporary access to the subscription module. It is an advantage of the use of a symmetric key mechanism that it provides a high level of security even with a short key, e.g. 64 or 128 bits, and with an authentication mechanism which only requires little computational resources. In particular, this is an advantage if the communications terminals have limited storage capacity and computational resources or a limited power supply.

[0018] When the step of communicating data related to the subscription module further comprises the step of encrypting the data using an encryption key derived from the first secret key, an end-to-end encryption of the communication between the subscription module and the client communications terminal is achieved, thereby providing a high level of security of the transmitted information against misuse and interception. It is an advantage of the invention that even the internal communication within the server communications device, i.e. the communication over the interface provided by the subscription module, is protected. For example, when the user of the subscription module enters a PIN in order to activate the subscription module, that PIN is sent to the subscription module in encrypted form and, thus, is protected from interception during the entire communication, even inside the server communications device. This is a particularly important advantage in the case of a modular server communications terminal where the interface of the subscription module is accessible by other modules or devices. Preferably, the key used for encrypting the communications is derived from the first secret key, where the term derived includes the possibility of using the first secret key directly.
[0019] When the method further comprises the step of deriving an integrity key from the first secret key and integrity protecting the communicated data with it, the communicated data is further protected against unauthorised alteration; encryption alone does not prevent an attacker from modifying the ciphertext undetected. Preferably, the step of communicating data related to the subscription module therefore further comprises the step of integrity protecting the data using a key derived from the first secret key.
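The symmetric embodiment of paragraphs [0017] to [0019], as an added worked example in Python (not code from the patent or from any product implementing it): client terminal and subscription module each hold the first secret key; a nonce-based challenge-response authenticates the module to the client and then the client to the module, and distinct encryption and integrity keys are derived from the shared key and both nonces, so the long-lived key is never applied to the data directly. The identifiers, the 128-bit sample key and the HMAC-based keystream are the example's own choices; a 64-bit key, which [0017] also mentions, is brute-forceable today and should not be used. The public key embodiment of [0020] to [0022] differs only in how the session secret is agreed.

```python
"""Symmetric mutual authentication between an RAA Client and a subscription module,
with per-connection encryption and integrity keys derived from the shared secret."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed sample data (arbitrary values): a 128-bit key pre-configured in both sides.
CLIENT_ID = b"raa-client-0001"
LONG_LIVED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


def derive_session_keys(shared_key: bytes, nonce_c: bytes, nonce_s: bytes) -> Tuple[bytes, bytes]:
    """Distinct encryption and integrity keys, fresh at every connection set-up."""
    return _mac(shared_key, b"enc", nonce_c, nonce_s), _mac(shared_key, b"int", nonce_c, nonce_s)


class SubscriptionModule:
    def __init__(self, client_keys: Dict[bytes, bytes]):
        self._client_keys = client_keys          # one long-lived key per authorised client
        self._pending: Dict[bytes, Tuple[bytes, bytes]] = {}

    def challenge(self, client_id: bytes, nonce_c: bytes) -> Optional[Tuple[bytes, bytes]]:
        key = self._client_keys.get(client_id)
        if key is None:
            return None                          # unknown client: no challenge is issued
        nonce_s = secrets.token_bytes(16)
        self._pending[client_id] = (nonce_c, nonce_s)
        # Module proves itself first ([0016]); the role label stops this proof being reflected.
        return nonce_s, _mac(key, b"module", nonce_c, nonce_s)

    def verify_client(self, client_id: bytes, response: bytes) -> Optional[Tuple[bytes, bytes]]:
        state = self._pending.pop(client_id, None)
        if state is None:
            return None
        nonce_c, nonce_s = state
        key = self._client_keys[client_id]
        if not hmac.compare_digest(_mac(key, b"client", nonce_s, nonce_c), response):
            return None                          # authentication failed: no data is communicated
        return derive_session_keys(key, nonce_c, nonce_s)


class ClientTerminal:
    def __init__(self, client_id: bytes, key: bytes):
        self.client_id, self._key, self._nonce_c = client_id, key, b""

    def hello(self) -> Tuple[bytes, bytes]:
        self._nonce_c = secrets.token_bytes(16)
        return self.client_id, self._nonce_c

    def respond(self, nonce_s: bytes, module_proof: bytes) -> Optional[Tuple[bytes, Tuple[bytes, bytes]]]:
        if not hmac.compare_digest(_mac(self._key, b"module", self._nonce_c, nonce_s), module_proof):
            return None                          # untrusted module: send no PIN or other sensitive data
        return (_mac(self._key, b"client", nonce_s, self._nonce_c),
                derive_session_keys(self._key, self._nonce_c, nonce_s))


def _keystream(k_enc: bytes, seq_b: bytes, length: int) -> bytes:
    return b"".join(_mac(k_enc, seq_b, i.to_bytes(4, "big")) for i in range((length + 31) // 32))


def protect(k_enc: bytes, k_int: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: XOR with an HMAC-derived keystream, then a tag binding sequence
    number and ciphertext. Illustrative; a deployed module would use an AES-based AEAD."""
    seq_b = seq.to_bytes(4, "big")
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, seq_b, len(plaintext))))
    return seq_b + ct + _mac(k_int, seq_b, ct)


def unprotect(k_enc: bytes, k_int: bytes, expected_seq: int, msg: bytes) -> Optional[bytes]:
    """Check sequence number and tag before decrypting; any failure yields None."""
    if len(msg) < 36 or int.from_bytes(msg[:4], "big") != expected_seq:
        return None
    seq_b, ct, tag = msg[:4], msg[4:-32], msg[-32:]
    if not hmac.compare_digest(_mac(k_int, seq_b, ct), tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, seq_b, len(ct))))


def run_session(client_key: bytes, pin: bytes = b"1234") -> Optional[bytes]:
    """Full exchange ending with the PIN sent end-to-end protected; None if either side rejects."""
    module = SubscriptionModule({CLIENT_ID: LONG_LIVED_KEY})
    client = ClientTerminal(CLIENT_ID, client_key)
    cid, nonce_c = client.hello()
    chal = module.challenge(cid, nonce_c)
    answer = client.respond(*chal) if chal else None
    keys = module.verify_client(cid, answer[0]) if answer else None
    if keys is None:
        return None
    return unprotect(keys[0], keys[1], 0, protect(answer[1][0], answer[1][1], 0, pin))
```

`run_session(LONG_LIVED_KEY)` returns the PIN as recovered inside the module; a client holding any other key is rejected before it sends anything, and a message whose tag or sequence number does not verify is dropped without being decrypted.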
[0020] In another preferred embodiment of the invention, the key-based authentication procedure is a public key-based authentication procedure wherein the subscription module has access to a public key related to the client communications terminal. Hence, the authentication of the client communications device is based upon a public key of the client communications device to which the subscription module has access. It is an advantage of this embodiment that there is no need for a shared secret between the client communications terminal and the subscription module. As the security requirements for communicating a public key are lower than for a symmetric key (it must be protected against substitution, but not against disclosure), the subscription module may receive the public key of the client communications terminal in several different ways, thereby increasing the flexibility of the method. Furthermore, the public key of the client communications terminal does not need to be permanently stored in the subscription module, thereby saving storage space in the subscription module.
[0021] In a further preferred embodiment of the invention the method further comprises the step of authenticating the subscription module by the client communications terminal using the public key-based authentication procedure, wherein the client communications terminal has access to a public key related to the subscription module. Hence, additional security is achieved, as only an authorised subscription module is trusted by the client communications terminal. This is a particular advantage if the user of the client communications terminal wishes to send sensitive data to the subscription module.

[0022] When the step of authenticating the client communications terminal further comprises the step of exchanging between the client communications terminal and the subscription module a second secret key for use during cryptographic protection of the data related to the subscription module communicated between the server communications terminal and the client communications terminal via the communications link, an end-to-end encryption of the communication between the subscription module and the client communications terminal is achieved, thereby providing a high level of security of the transmitted information against misuse and interception even during the internal communication within the server communications device, i.e. the communication over the interface provided by the subscription module. Preferably, the step of communicating data related to the subscription module further comprises the step of encrypting the data using an encryption key derived from the second secret key.

[0023] Alternatively, the encryption may be based on an asymmetric encryption scheme using a public key and without the need for a shared secret.
[0024] Furthermore, when the step of communicating data related to the subscription module further comprises the step of integrity protecting the data using a key derived from the second secret key, the communicated data is further protected against unauthorised alteration.
[0025] According to another preferred embodiment of the invention, the step of authenticating the client communications terminal further comprises the step of inquiring an input from a user of the server communications terminal indicative of an approval of the authentication. Consequently, as the communication of data to/from the subscription module requires an approval by the user of the server communications device comprising the subscription module, additional security against misuse or accidental use is achieved. For example, the user may press a predetermined button and/or input a PIN code in order to authorise the access to the subscription module.

[0026] When the step of initiating communicating data related to the subscription module further comprises the step of performing a user authorisation based on a PIN code stored on the subscription module, access to the data related to the subscription module may be controlled in a more fine-grained manner, as different types of data may be associated with different PIN codes, thereby providing the possibility of selectively granting access to parts of the data. Alternatively or additionally, different types of access, such as read, write, delete, or the like, may be associated with different PIN codes. Hence, according to this embodiment, a user of the client communications device is required to enter a PIN code prior to being granted access to the data.
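One way to enforce the per-PIN access restrictions of [0026] (and of the PIN codes mentioned in [0043]) inside the module, as an added Python example that is not part of the patent: each PIN is kept only as a salted verifier, a policy table maps every data item to the PINs that unlock it and the operations each permits, and nothing is released until a PIN granting the requested operation has been verified in the current session. The retry counter that blocks a PIN after three wrong entries is an assumption borrowed from SIM card practice, not something the page states; the PIN names, item names and sample values are constructed.

```python
"""PIN-based, fine-grained access control inside a subscription module: every data
item names the PINs that unlock it and the operations each PIN permits."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

MAX_ATTEMPTS = 3  # assumption: a retry counter that blocks the PIN, as SIM PINs are blocked


class PinProtectedModule:
    def __init__(self, pins: Dict[str, str], policy: Dict[str, Dict[str, Set[str]]],
                 data: Dict[str, bytes]):
        # Only a salted verifier of each PIN is kept; the PIN itself is never stored.
        self._verifiers: Dict[str, Tuple[bytes, bytes]] = {}
        for name, pin in pins.items():
            salt = secrets.token_bytes(16)
            self._verifiers[name] = (salt, self._hash(salt, pin))
        self._attempts = {name: 0 for name in pins}
        self._policy = policy             # item -> {PIN name -> permitted operations}
        self._data = data
        self._unlocked: Set[str] = set()  # PIN names verified in the current session

    @staticmethod
    def _hash(salt: bytes, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)

    def is_blocked(self, name: str) -> bool:
        return self._attempts.get(name, MAX_ATTEMPTS) >= MAX_ATTEMPTS

    def verify_pin(self, name: str, pin: str) -> bool:
        """One verification attempt; wrong attempts count until the PIN is blocked."""
        if name not in self._verifiers or self.is_blocked(name):
            return False
        salt, expected = self._verifiers[name]
        if not hmac.compare_digest(self._hash(salt, pin), expected):
            self._attempts[name] += 1
            return False
        self._attempts[name] = 0
        self._unlocked.add(name)
        return True

    def access(self, item: str, op: str, value: Optional[bytes] = None) -> Tuple[bool, Optional[bytes]]:
        """Permit `op` on `item` only if some PIN verified in this session grants it."""
        rules = self._policy.get(item, {})
        if not any(name in self._unlocked and op in ops for name, ops in rules.items()):
            return False, None
        if op == "read":
            return True, self._data.get(item)
        if op == "write":
            self._data[item] = value if value is not None else b""
            return True, None
        if op == "delete":
            self._data.pop(item, None)
            return True, None
        return False, None                # an unknown operation is never permitted

    def end_session(self) -> None:
        self._unlocked.clear()            # the client must re-enter its PINs next time


def build_demo_module() -> PinProtectedModule:
    """Constructed sample: PIN1 reads the IMSI and reads/writes the phone book;
    only PIN2 may delete phone-book data. PINs, IMSI and entry are invented values."""
    return PinProtectedModule(
        pins={"PIN1": "1234", "PIN2": "98765432"},
        policy={"imsi": {"PIN1": {"read"}},
                "phonebook": {"PIN1": {"read", "write"}, "PIN2": {"read", "write", "delete"}}},
        data={"imsi": b"001010123456789", "phonebook": b"Alice:+4512345678"},
    )
```

With `build_demo_module()`, a read of the IMSI fails until PIN1 has been verified, a write to the IMSI fails even then, and a delete on the phone book needs PIN2; three wrong entries of a PIN block it for good, so a client that has merely obtained the link cannot enumerate PINs against the module.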

[0027] According to a further aspect of the invention, the invention relates to an arrangement for granting access to a subscription module in a communications system, the arrangement comprising a client communications terminal and a server communications terminal including the subscription module, the client and server communications terminals each comprising respective communications means for establishing a communications link between the client communications terminal and the server communications terminal, and for communicating data related to the subscription module between the server communications terminal and the client communications terminal via the communications link; characterised in that the subscription module further comprises processing means adapted to authenticate the client communications terminal using a key-based authentication procedure, and to grant access to the subscription module conditioned on a result of the authentication procedure.

[0028] When the communications link is a wireless communications link, a fast way of establishing a communications link is provided without the need for a physical or electrical connection between the terminals.
[0029] When the server communications terminal, the communications means of the server communications terminal, and the subscription module are physically included in a single unit, a particularly high level of security is provided, as the possibility of data interception and misuse is further reduced. Advantageously, the server communications terminal, a wireless interface and the subscription module may be implemented as one physically inseparable entity.

[0030] According to a further aspect of the invention, 
the invention relates to a server communications termi- 
nal comprising a subscription module and communica- 
tions means for establishing a communications link with 
a client communications terminal and for communicat- 
ing data related to the subscription module with the cli- 
ent communications terminal via the communications 
link; characterised in that the subscription module com- 
prises processing means adapted to authenticate the 
client communications terminal using a key-based au- 
thentication procedure, and to grant access to the sub- 
scription module conditioned on a result of the authen- 
tication procedure. 

[0031] The server communications terminal may be used as a server terminal for a number of different client communications terminals using the same subscription.
[0032] According to a further aspect of the invention, the invention relates to a client communications terminal comprising communications means for establishing a communications link with a server communications terminal including a subscription module, and for communicating data related to the subscription module with the server communications terminal via the communications link; characterised in that the client communications terminal comprises processing means adapted to perform a key-based authentication procedure cooperatively with the subscription module, allowing the subscription module to authenticate the client communications terminal and to grant access to the subscription module conditioned on a result of the authentication procedure.

[0033] According to a further aspect of the invention, the invention relates to a subscription module for use with a server communications terminal, the server communications terminal including communications means for establishing a communications link with a client communications terminal and for communicating data related to the subscription module with the client communications terminal via the communications link; characterised in that the subscription module comprises processing means adapted to, when the subscription module is in connection with the server communications terminal, authenticate the client communications terminal using a key-based authentication procedure, and to grant access to the subscription module conditioned on a result of the authentication procedure.

[0034] The subscription module may be brought into physical contact with, e.g. inserted in, the server communications terminal, or a communications connection may be established, e.g. by bringing the subscription module into the range of coverage of a wireless communications interface.

[0035] The term processing means comprises a programmable microprocessor, an application-specific integrated circuit, or another integrated circuit, a smart card, or the like.

[0036] The term storage means includes magnetic tape, optical disc, digital video disk (DVD), compact disc (CD or CD-ROM), mini-disc, hard disk, floppy disk, ferro-electric memory, electrically erasable programmable read only memory (EEPROM), flash memory, EPROM, read only memory (ROM), static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), ferromagnetic memory, optical storage, charge coupled devices, smart cards, PCMCIA cards, etc.

[0037] The term communications means comprises any circuit adapted to establish the above mentioned communications link. Examples of such circuits include RF transmitters/receivers, e.g. Bluetooth transceivers, light emitters/receivers, e.g. LEDs, infrared sensors/emitters, ultrasound transducers, etc.

[0038] Furthermore, the features and steps of the above discussed method according to the invention may be incorporated in the further aspects of the invention discussed above, and the advantages discussed in connection with the above method correspond to advantages of these further aspects of the invention.
[0039] The invention will be explained more fully below in connection with a preferred embodiment and with reference to the drawing, in which:

fig. 1 shows a schematic view of a client communications terminal and a server communications terminal according to an embodiment of the invention;

fig. 2 shows a schematic view of a subscription module according to an embodiment of the invention;

fig. 3 shows a schematic view of a server communications terminal according to an embodiment of the invention;

fig. 4 shows a schematic view of a key table stored in a subscription module according to an embodiment of the invention;

fig. 5 shows a flow diagram of an authentication procedure according to an embodiment of the invention based on a symmetric key; and

fig. 6 shows a flow diagram of an authentication procedure according to an embodiment of the invention based on a public key.

[0040] Fig. 1 shows a schematic view of a client communications terminal and a server communications terminal according to an embodiment of the invention. The client communications terminal 106 includes an aerial 113 for communicating via a mobile communications network 114, e.g. a GSM network. The client communications terminal further comprises circuitry 107 for controlling the communications terminal, a storage medium 108, a display 111 and a keypad 112, or other user input/output means. For example, the client communications device may be a mobile telephone or another personal communications device, such as a communicator, a PDA, a pager, a car phone, or the like. Further examples of a client communications device include a modem, a telefax or other telecommunications equipment. The storage medium 108 may be a memory section of a SIM card comprising EPROM, ROM and/or RAM sections. Alternatively, the storage medium may be another built-in or insertable memory, such as EEPROM, flash memory, ROM, RAM, etc.

[0041] The client communications terminal further comprises a Bluetooth transceiver 110. Via the Bluetooth transceiver, a local radio link 115 for data transmission can be established between the client communications terminal and a Bluetooth transceiver 104 of a server communications terminal 101 when the server communications device is brought into the connection range of the wireless local communication of the client communications device, or vice versa. The server communications terminal 101 comprises a processing unit 105 and a subscription module 102. In one embodiment, the subscription module is a SIM card comprising a processing unit, a memory including an EPROM section, a ROM section and a RAM section, and an input/output port. Hence, the server communications device has direct access to a subscription module and is physically connected to it. The server communications device may grant the client communications terminal access to the services and files of the subscription module 102. For example, the server communications terminal may be a mobile telephone or other personal communications equipment. Alternatively, the server communications device may be a special remote access device which only serves as an access server for different client terminals. For example, the server communications terminal may be implemented as a contactless smart card, e.g. a smart card with an integrated wireless communications interface such as a short-range radio interface.

[0042] Hence, the client communications terminal 106 may access the services and files of the subscription module 102 of the server communications terminal 101 via the radio link 115, and use the accessed data for the connection to the cellular network 114. In the above, two general roles have been described: a Remote Authentication Access Server (RAA Server) having direct access to the subscription module, and a Remote Authentication Access Client (RAA Client) obtaining remote access to the subscription module, thereby obtaining access to a number of possible services. Hence, in the following, the client communications terminal will also be referred to as the RAA Client and the server communications terminal will be referred to as the RAA Server. Examples of the functionality, services and data which may be accessed by the RAA Client include:

- Register the RAA Client 106 in a cellular network 114 using the subscription module 102 in the RAA Server 101.
- The RAA Client 106 can access data and services available in the subscription module 102. The RAA Server 101 may exercise access control on what services and data can be accessed by a RAA Client 106;
- Establish a connection (i.e. a voice, fax, or data call), hereafter referred to as a "call", from the RAA Client 106 using the subscription module 102 in the RAA Server 101;
- Receiving a call from the network 114 at the RAA Client 106.

[0043] According to the invention, the subscription module 102 comprises a remote access authorisation functionality 103 for the protection of the subscription module against unauthorised access to the sensitive subscription information and services on the module. The remote access authorisation functionality 103 provides functionality for the authentication of different RAA Clients, such that only an authorised RAA Client is allowed to get access to the subscription module 102. The authentication procedure may be based on a symmetric key mechanism, a public key mechanism, or the like. Two embodiments of such mechanisms will be described in greater detail in connection with figs. 5-6. Preferably, the RAA Client 106 comprises a corresponding remote server authorisation functionality 109 allowing the RAA Client 106 to authenticate different subscription modules. Only an authorised module is trusted by the RAA Client. According to the invention, the remote access authorisation functionality 103 and the remote server authorisation functionality 109 have a shared secret, or the possibility of exchanging a shared secret key, used to authenticate and/or protect the connection between the RAA Client 106 and the subscription module 102. The connection between the RAA Client 106 and the subscription module 102 is encrypted end-to-end. The key used for the encryption is either fixed or, preferably, derived from the shared secret at each connection set-up. The communication between the RAA Client and the subscription module may further be integrity protected end-to-end using a key derived from the shared secret. Furthermore, the subscription associated with the subscription module 102 may have one or more PIN codes associated with it. Each of these PIN codes may be associated with access restrictions to the data and services on the module.
[0044] Hence, it is an advantage of the invention that 
it provides protection of the connection and authentica- 
tion of the RAA Client which accesses the subscription 
module over an air interface. If Bluetooth is used, build- 
in Bluetooth authentication and encryption can protect 
the air interface as the Bluetooth baseband security 
mechanism (Bluetooth Special Interest Group, "Base- 
band Specification", Specification of the Bluetooth Sys- 
tem, Core, Version 1.1, December 1 , 2000) allows fast 
authentication and encryption between two Bluetooth 
modules. However, this is only realised on the link level 
between two Bluetooth radio units and, hence, this is 
not an end-to-end solution with the subscription module 
at one end and the RAA Client at the other Hence, it Is 
an advantage of the invention that it provides authenti- 
cation and encryption end-to-end between the subscrip- 
tion module and the tenninal where the RAA client re- 
sides. 

[0045] It is noted that, in one embodiment, the sub- 
scription module 102 may regard the RAA Server 101 
as a trusted proxy. In this scenario, access control may 
still be realised by the subscription module 1 02 or it may 
be delegated to the processing unit 105 of the RAA 
Server. 

[0046] Fig. 2 shows a schematic view of a subscription module according to an embodiment of the invention. The subscription module 102 comprises a processing unit 201 and memory 202 which may be divided into a ROM section 203, an EPROM section 204 and a RAM section 205. The subscription module further comprises an input/output interface 206 for communicating with the device it is inserted in. For example, the subscription module may be a smart card which may be removably inserted in the server communications terminal, e.g. a SIM card in the context of a GSM network. According to the invention, the subscription module is adapted to provide remote access security functionality 103 for protecting access to data stored in the memory 202 and the functionality of the processing unit 201. The processing unit 201 is adapted to provide a number of security functions 103a, e.g. as part of the software executed on the processing unit or implemented in hardware. The remote access security functions 103a have access to one or more key codes 103b-d of a key-based authentication mechanism stored in the memory 202 of the subscription module. The key(s) may be stored in the ROM section 203, the EPROM section 204 and/or the RAM section 205, depending on the authentication mechanism and the lifetime of the key(s). For example, a temporary key used only for a single session may preferably be stored in the RAM section, while a permanent key may be stored in the ROM section. In a mechanism involving multiple keys, different keys may be stored in the same or in different sections.

[0047] Fig. 3 shows a schematic view of a modular server communications terminal according to an embodiment of the invention. The server communications terminal comprises a base module 301 with a subscription module 302 according to the invention. The base module 301 provides interfaces 304 and 306 to a user interface module 308 and a radio interface module 305. The user interface may provide a display for providing a graphical user interface and/or a keypad, a pointing device, or the like. The radio interface unit may comprise a radio transmitter/receiver and an aerial for connecting to a cellular network, a short-range radio transceiver and/or other wireless interfaces. The interfaces 304 and 306 may be implemented as plug-in interfaces, e.g. using a standard such as USB or the like. Alternatively, the interfaces may be contact-free interfaces, e.g. based on electromagnetic radiation, such as infrared or a radio link, e.g. using the Bluetooth technology or other short-range wireless communications technologies. The data communication via the interface 304 and/or the interface 306 may use a proprietary or a standard protocol. For example, the base module may be implemented as a smart card, e.g. a smart card having an integrated radio interface. In another embodiment, the base module may be implemented as a unit providing the interfaces 304 and 306 and including a subscription module, e.g. as a removably insertable unit, such as a smart card. In a modular architecture as in the example of fig. 3, an end-to-end authentication and protection of the communication to/from the subscription module is of particular importance, as the interfaces 304 and/or 306 of the base module are open and, thus, vulnerable to unauthorised access. Therefore, it is an advantage of the invention that it secures all interfaces when providing remote access to a subscription module.
[0048] Fig. 4 shows a schematic view of a key table stored in a subscription module according to an embodiment of the invention. According to one embodiment of the invention, the authentication of the client communications terminal is based on a symmetric authentication procedure based on a shared secret. Hence, the RAA Client and the subscription module need to have a shared secret in order to authenticate each other and to protect the communication. This shared secret may be a long-lived secret key stored in the subscription module and the client communications terminal, respectively. Alternatively, the shared secret may be a secret key which is created when needed and which is valid for a specific time period, for one session, or the like, i.e. it is a temporary shared secret.

[0049] If the shared secret is long-lived it may, for example, be entered into the RAA Client by the RAA Client user or by an operator. In the embodiment of fig. 2, the entered shared secret may be stored in the EPROM section 204 of the memory of the subscription module. The operator may also send the secret key over the air or by any other means to the RAA Client using some dedicated protocol. Preferably, this protocol needs some additional security mechanism to protect the shared secret when transferred over the air. An example of such a mechanism is encryption of the channel with an encryption key derived from another shared secret stored in the RAA Client. This key can for example be stored in the RAA Client at the time of manufacture. Alternatively, the operator may pre-configure the subscription module with a long-lived shared secret during the personalisation of the subscription module. In the embodiment of fig. 2, such a pre-configured shared secret may for example be stored in the ROM section 205 of the memory of the subscription module.

[0050] Referring to fig. 4, a subscription module or a RAA Client might have several different shared secrets. One particular shared secret is used to secure the communication with one particular RAA Client or subscription module, respectively. In order to identify the shared secret, each shared secret is labelled with a unique identifier. This identifier can be of any kind, but should be unique. If each subscription module has a unique ID, it is possible for all RAA Clients to distinguish between different subscription modules and to know which shared secret to use for a connection to a particular subscription module. For example, if the subscription module is implemented as a SIM card, the International Mobile Subscriber Identity (IMSI) may be used to identify the subscription module. Similarly, if each RAA Client has a unique ID, it is possible for all subscription modules to distinguish between different RAA Clients and to know which shared secret to use for a connection to a particular RAA Client. Hence, in the subscription module, a table 401 may be stored comprising a number of secret key codes K-1 through K-N together with their corresponding identifiers ID-1 through ID-N, respectively. In the embodiment of fig. 2, the table 401 may be stored in the EPROM memory section 204, thereby allowing a user to add, edit, or delete entries in the table, e.g. in order to add a new authorised client terminal, or in order to delete an old one. For example, the keys may be 128-bit symmetric keys.

[0051] Fig. 5 shows a flow diagram of an authentication procedure according to an embodiment of the invention based on a symmetric key. Initially, in step 501, a connection is established between the RAA Client and the subscription module. Preferably, this communications link is a short-range wireless communications link as illustrated by the wireless link 115 in fig. 1. If the wireless connection uses the Bluetooth technology, the connection may be established automatically when the server communications terminal and the client communications terminal are brought within each other's range of radio coverage, e.g. within a range of a few meters. In a scenario where the server communications terminal is a mobile telephone and the client communications terminal is a car phone, the connection may be established when the user approaches/enters the car. During or after the connection establishment, in step 502, the terminals exchange IDs. In the subsequent step 503, the IDs are used to look up the corresponding shared secret in a table 401 stored in the memory of the subscription module and in a corresponding table in the memory of the client communications terminal. In step 504, the shared secret is used for authenticating the client communications terminal by the subscription module and to authenticate the subscription module by the client communications device. In step 505, a new shared secret is generated and exchanged between the subscription module and the client communications terminal. Preferably, this key exchange may be a part of the authentication procedure. Alternatively, the key exchange is performed after successful authentication. The authentication and key exchange can be done in several different ways using well known state of the art solutions for shared secret based authentication and key exchange, such as PIN or password based solutions, challenge/response based solutions, a Feige-Fiat-Shamir protocol, a Schnorr protocol, etc.; and Diffie-Hellman and related protocols, key exchange using public key encryption, Kerberos type protocols, etc., respectively. The authentication and key exchange may be implemented in hardware or in software. In one embodiment, the authentication further requires an approval by the user of the server communications terminal, thereby further increasing the security against misuse or accidental use. For example, the user may be required to enter a PIN code indicative of an authorisation for remotely accessing the subscription module of the server communications terminal.

[0052] After successful authentication and key exchange, the actual data exchange between the client communications terminal and the subscription module may be initiated in step 506. The data exchange may comprise the transmission of data to and/or from the subscription module, e.g. PIN codes, authorisation codes, identifiers, account numbers, or the like. Preferably, in order to protect the communication between the RAA Client and the subscription module, all messages sent between the entities are encrypted with a symmetric encryption algorithm. Messages encrypted in the RAA Client are decrypted in the subscription module. Messages encrypted in the subscription module are decrypted in the RAA Client. The algorithm used to encrypt the messages may be implemented in hardware or software in the RAA Client and subscription module, respectively. Any standard algorithm and procedure can be used, such as the Data Encryption Standard (DES), triple DES (3DES), SAFER+, Advanced Encryption Standard (AES), RC4, RC5, etc. In order to encrypt the messages the RAA Client and subscription module use the new shared secret exchanged in step 505. Alternatively, a key derived from the exchanged shared secret may be used. In another embodiment, the shared secret used for authentication may also be used for encryption without further key exchange. However, the generation of a separate encryption key provides a higher level of security.

[0053] Furthermore, in order to further protect the communication between the RAA Client and the subscription module, all messages sent between the entities are integrity protected. The messages are protected with a symmetric authentication algorithm. A cryptographic message tag is calculated for each message in the RAA Client and checked in the subscription module. A cryptographic message tag is calculated for each message in the subscription module and checked in the RAA Client. The same procedure may be applied in the reverse direction. The algorithm used to calculate the message tag can be implemented in hardware or software in the RAA Client and subscription module, respectively. Any standard algorithm and procedure may be used. The shared symmetric key used in the integrity protection may be the shared secret exchanged in step 505, or a key derived from that shared secret.
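The symmetric embodiment of figs. 4 and 5 and of paragraphs [0050] through [0053] (ID exchange, key-table lookup, mutual challenge/response on the long-lived secret, a fresh session secret per connection, separate encryption and integrity keys, and encrypt-then-MAC on every message) is worked through below as an added example. It is not code from the patent or from any product; the identifiers, the 128-bit key, the message layout (sequence number, ciphertext, tag) and the choice of HMAC-SHA256 as the challenge/response and key-derivation function are all assumptions made for this example, and the HMAC-in-counter-mode keystream is a constructed stand-in for the block ciphers the text lists.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example (not taken from the patent): one 128-bit
# long-lived shared secret and the identifiers of the two parties.
K_SHARED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SIM_ID = b"IMSI-234150000000001"       # constructed module identifier (IMSI-style)
CLIENT_ID = b"RAA-CLIENT-CARPHONE-7"   # constructed RAA Client identifier
TAG_LEN = 32                           # HMAC-SHA256 message tag


def prf(key, label, *parts):
    """HMAC-SHA256 over a label and length-prefixed fields; used for the challenge
    responses and for key derivation, so different uses never share inputs."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(k_enc, sender_id, seq, n):
    # Constructed stand-in for the block ciphers the text lists (DES, 3DES, AES...):
    # HMAC-SHA256 in counter mode over (sender, message sequence number, block no.).
    out = b"".join(prf(k_enc, b"ks", sender_id, seq, i.to_bytes(4, "big"))
                   for i in range((n + 31) // 32))
    return out[:n]


class Party:
    """One end of the link (subscription module or RAA Client), holding a table 401
    of identifier -> long-lived shared secret for the peers it knows."""

    def __init__(self, my_id, key_table):
        self.my_id = my_id
        self.key_table = key_table
        self.nonce = secrets.token_bytes(16)   # fresh challenge per connection
        self.peer_id = self.k_enc = self.k_mac = None
        self.send_seq = self.recv_seq = 0

    def proof(self, key, label, *ids_and_nonces):
        # Step 504: answer the peer's challenge with the shared secret; both IDs and
        # both nonces are bound in, so a response is useless in any other session.
        return prf(key, label, *ids_and_nonces)

    def derive_session(self, key, *ids_and_nonces):
        # Step 505: per-connection session secret, then separate keys for the
        # encryption of step 506 and for the integrity tags of [0053].
        ks = prf(key, b"session", *ids_and_nonces)
        self.k_enc, self.k_mac = prf(ks, b"enc"), prf(ks, b"mac")

    def protect(self, plaintext):
        """Encrypt-then-MAC one message; sender ID and sequence number keep the two
        directions and successive messages apart, so keystream is never reused."""
        seq = self.send_seq.to_bytes(8, "big")
        self.send_seq += 1
        ct = xor(plaintext, keystream(self.k_enc, self.my_id, seq, len(plaintext)))
        return seq + ct + prf(self.k_mac, b"tag", self.my_id, seq, ct)

    def unprotect(self, message):
        """Return the plaintext, or None if the tag is wrong or the message replayed."""
        if len(message) < 8 + TAG_LEN:
            return None
        seq, ct, tag = message[:8], message[8:-TAG_LEN], message[-TAG_LEN:]
        if not hmac.compare_digest(tag, prf(self.k_mac, b"tag", self.peer_id, seq, ct)):
            return None                        # integrity check failed
        if int.from_bytes(seq, "big") != self.recv_seq:
            return None                        # replayed or out-of-order message
        self.recv_seq += 1
        return xor(ct, keystream(self.k_enc, self.peer_id, seq, len(ct)))


def handshake(sim, client):
    """Steps 502-505 of fig. 5. Returns True only if the module authenticated the
    client, the client authenticated the module, and both derived session keys."""
    # Steps 502/503: IDs and nonces are exchanged in the clear; each side looks the
    # peer's ID up in its own table. An unknown peer has no key and is refused.
    k_at_sim = sim.key_table.get(client.my_id)
    k_at_client = client.key_table.get(sim.my_id)
    if k_at_sim is None or k_at_client is None:
        return False
    ctx = (sim.my_id, client.my_id, sim.nonce, client.nonce)
    # Step 504: module checks the client's response, then the client checks the
    # module's (mutual authentication, as in claim 2); a wrong key fails here.
    if not hmac.compare_digest(client.proof(k_at_client, b"client-auth", *ctx),
                               sim.proof(k_at_sim, b"client-auth", *ctx)):
        return False
    if not hmac.compare_digest(sim.proof(k_at_sim, b"sim-auth", *ctx),
                               client.proof(k_at_client, b"sim-auth", *ctx)):
        return False
    sim.peer_id, client.peer_id = client.my_id, sim.my_id
    sim.derive_session(k_at_sim, *ctx)
    client.derive_session(k_at_client, *ctx)
    return True


if __name__ == "__main__":
    sim = Party(SIM_ID, {CLIENT_ID: K_SHARED})
    client = Party(CLIENT_ID, {SIM_ID: K_SHARED})
    print("authenticated:", handshake(sim, client))
    print(sim.unprotect(client.protect(b"READ EF_ICCID")))
```

Two design points follow directly from the text: the tag is checked before anything else is done with a message, and the sequence number is bound into both the tag and the keystream, so a message captured on the air interface cannot be replayed into the subscription module and the two directions of traffic never share keystream. A real deployment would replace the HMAC keystream with one of the ciphers the patent names.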
[0054] Alternatively to a long-lived shared secret, e.g. if no long-lived shared secret exists between the RAA Client and the subscription module, the RAA Server user may allow a particular RAA Client to temporarily connect to the subscription module in the RAA Server. Then a temporary shared secret between the subscription module and the RAA Client needs to be generated. This may be done in several different ways, for example:

- The RAA Server user enters a shared secret value into the RAA Server. The shared secret is directly transferred to the subscription module. Then the RAA Client user enters the same secret value into the RAA Client. As a user interaction is required, a high level of security is achieved.
- The subscription module generates a secret random value. This value is displayed on the RAA Server. The RAA Client user enters the secret random value into the RAA Client. As a user interaction is required, a high level of security is achieved.
- The subscription module sends a secret value directly to the RAA Client. The secret value may be protected using for example encryption. The key used to protect the secret value can be a common key known to a particular set of RAA Clients and subscription modules.

[0055] Fig. 6 shows a flow diagram of an authentication procedure according to an embodiment of the invention based on a public key mechanism. In the initial step 601 a connection between the client communications terminal and the server communications terminal is established as described in connection with step 501 of fig. 5. In step 602, the public key of the RAA Client is retrieved by the subscription module. In order for the subscription module to authenticate and exchange a key with the RAA Client, the subscription module needs access to one or several trusted public keys that this RAA Client uses. The subscription module can obtain the public key(s) in several different ways providing different levels of security. Examples of mechanisms to obtain the public key(s) include:

- The subscription module is pre-configured with a set of trusted public keys used by the RAA Clients. Hence, in step 602, the subscription module may retrieve the public key(s) from its memory, e.g. a ROM or EPROM section of a SIM card as described in connection with fig. 2.
- The public key(s) of the RAA Client are transmitted to the subscription module during the connection establishment between the subscription module and the RAA Client. The subscription module trusts the public keys automatically or upon receipt of a user input approving the public keys. Hence, in this example, step 602 is performed as a part of the connection establishment in step 601.
- The subscription module requests the RAA Client to transfer the public key(s) of the RAA Client during the connection establishment between the subscription module and RAA Client. The key(s) are transferred to the subscription module, possibly together with a public key of a trusted third party. The public key(s) of the subscription module are signed with the private key of the trusted third party.
- The subscription module asks the RAA Client for the public key(s) of the Client at the connection establishment between the subscription module and RAA Client. The key(s) are transferred to the subscription module in a digital certificate. An example of a digital certificate format is the X.509 certificate format.
- The RAA Server user enters one or several hash values of public keys or digital certificates into the device. The hash value is directly transferred to the subscription module. Later, the subscription module receives one or several digital certificates from the RAA Client. The subscription module hashes the received public key or certificate. If the computed hash value corresponds to the hash value entered by the RAA Server user, the subscription module trusts the public key. This procedure can, of course, be applied on multiple keys or certificates each having their associated hash value.

[0056] Similarly, in order for the RAA Client to authenticate and exchange a key with the subscription module using a public key mechanism, the RAA Client needs access to one or several trusted public keys belonging to the subscription module. Hence, in an embodiment where the RAA Client authenticates the subscription module, step 602 further includes the step of retrieving the public key(s) of the subscription module by the RAA Client. As described above, this may be done in several different ways, for example:

- The RAA Client is pre-configured with a set of trusted public key(s) belonging to the subscription module. Hence, in step 602, the RAA Client retrieves the public key(s) from its memory, e.g. a ROM or EPROM, the memory of a SIM card included in a mobile phone, a WIM card comprising public keys and certificates, or the like.
- The RAA Client asks the subscription module for the public key(s) of the module at the connection establishment between the RAA Client and subscription module. The RAA Client trusts the public key(s) automatically or upon receipt of a user input approving the public keys. Hence, in this example, step 602 is performed as a part of the connection establishment in step 601.
- The RAA Client asks the subscription module for the public key(s) of the module at the connection establishment between the RAA Client and the subscription module. The key(s) are transferred to the RAA Client, possibly together with a public key of a trusted third party. The public key(s) of the subscription module are signed with the private key of the trusted third party.
- The RAA Client asks the subscription module for the public key(s) of the module at the connection establishment between the RAA Client and subscription module. The key(s) are transferred to the RAA Client in a digital certificate. An example of a digital certificate format is the X.509 certificate format.
- The RAA Client user enters one or several hash values of public keys or digital certificates into the device. Later, the RAA Client receives one or several digital certificates from the subscription module. The RAA Client hashes the received public key(s) or certificate(s). If the hash value(s) correspond to the hash value entered by the RAA Client user, the public key(s) are trusted by the RAA Client.
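The hash-entry mechanism that closes both of the lists above (the last item under [0055] for the subscription module and the last item under [0056] for the RAA Client) is the same check seen from either end: a fingerprint typed in beforehand decides whether a public key or certificate received later may be trusted. The following is an added example of that decision, not code from the patent or from any SIM or terminal product. It assumes SHA-256 as the hash, accepts the fingerprint in the grouped upper/lower-case forms a user would type from a label or display, and uses constructed byte strings in place of real keys and certificates.

```python
import hashlib
import hmac
import re


def normalise_fingerprint(entered):
    """Accept a SHA-256 fingerprint as a user types it: hex digits in either case,
    optionally grouped with spaces or colons. Anything else is rejected outright."""
    digits = re.sub(r"[\s:]", "", entered).lower()
    if re.fullmatch(r"[0-9a-f]{64}", digits) is None:
        raise ValueError("fingerprint must be 64 hex digits (SHA-256)")
    return bytes.fromhex(digits)


def fingerprint(key_or_cert):
    """Hash of the exact bytes received; any change to the key or certificate,
    however small, yields a different value and therefore no match."""
    return hashlib.sha256(key_or_cert).digest()


def trusted_keys(entered_fingerprints, received):
    """Split the received public keys/certificates into those whose hash matches a
    fingerprint the user entered earlier (trusted) and the rest (rejected)."""
    pins = [normalise_fingerprint(f) for f in entered_fingerprints]
    trusted, rejected = [], []
    for blob in received:
        fp = fingerprint(blob)
        # check every pin so the time taken does not depend on which one matched
        matched = False
        for pin in pins:
            matched |= hmac.compare_digest(fp, pin)
        (trusted if matched else rejected).append(blob)
    return trusted, rejected


if __name__ == "__main__":
    # Constructed stand-ins for a certificate and a key (not real key material).
    cert_ok = b"CONSTRUCTED-CERT:RAA-CLIENT-CARPHONE-7"
    cert_bad = b"CONSTRUCTED-CERT:UNKNOWN-DEVICE"
    # what the RAA Server user would type, copied from the client's display or label
    typed = ":".join(fingerprint(cert_ok).hex()[i:i + 2] for i in range(0, 64, 2)).upper()
    print(trusted_keys([typed], [cert_ok, cert_bad]))
```

Only keys in the trusted list would then be handed to step 604; a received certificate that matches no entered value is dropped rather than trusted automatically, which is the difference between this item and the second item of each list.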



[0057] In step 604, the trusted public key(s) related to the RAA Client are used for the subscription module to authenticate the RAA Client. Similarly, the trusted public key(s) stemming from the subscription module are used to authenticate the subscription module. In step 605, a shared secret is generated and exchanged between the subscription module and the client communications terminal, resulting in a common secret key for the client communications device and the subscription module. Preferably, this key exchange may be a part of the authentication procedure. Alternatively, the key exchange is performed after successful authentication. The authentication and key exchange can be done in several different ways using well known state of the art solutions for public key based authentication and key exchange, such as PIN or password based solutions, challenge/response based solutions, a Feige-Fiat-Shamir protocol, a Schnorr protocol, etc., and Diffie-Hellman and related protocols, key exchange using public key encryption, Kerberos type protocols, etc., respectively. The authentication and key exchange may be implemented in hardware or in software. In one embodiment, the authentication further requires an approval by the user of the server communications terminal, thereby further increasing the security against misuse or accidental use. For example, the user may be required to enter a PIN code indicative of an authorisation for remotely accessing the subscription module of the server communications terminal.

[0058] After successful authentication and key exchange, the actual data exchange between the client communications terminal and the subscription module may be initiated in step 506, preferably using a symmetric encryption algorithm, as described in connection with fig. 5. In order to encrypt the messages, the RAA Client and subscription module use the shared secret exchanged in step 605. Alternatively, a key derived from the exchanged shared secret may be used. In another embodiment, the encryption may be based on a public key mechanism, thereby not requiring the exchange of a shared secret.

[0059] Furthermore, in order to further protect the communication between the RAA Client and the subscription module, all messages sent between the entities are integrity protected, as described in connection with fig. 5. The shared symmetric key used in the integrity protection may be the shared secret exchanged in step 605, or a key derived from that shared secret.

[0060] It is noted that the invention has mainly been described in connection with a GSM network. However, it is understood that the present invention is not limited to GSM networks but may also be applied to other communications networks, e.g. other mobile telecommunications networks such as GPRS and 3rd generation networks, such as UMTS.
Claims

1. A method of granting a client communications terminal (106) access to a subscription module (102; 302) of a server communications terminal (101), the method comprising the steps of

establishing (501; 601) a communications link (115) between the client communications terminal and the server communications terminal; and

communicating (506) data related to the subscription module between the server communications terminal and the client communications terminal via the communications link;

characterised in that the method further comprises the steps of

authenticating (504; 604) the client communications terminal by the subscription module using a key-based authentication procedure; and

initiating the step of communicating data related to the subscription module conditioned on a result of the step of authenticating the client communications device.

2. A method according to claim 1, characterised in that the method further comprises the step of authenticating the subscription module by the client communications terminal using the key-based authentication procedure.

3. A method according to claim 1 or 2, characterised in that the key-based authentication procedure is a symmetric authentication procedure based on a first secret key stored in both the client communications terminal and the subscription module.

4. A method according to claim 3, characterised in that the step of communicating data related to the subscription module further comprises the step of encrypting the data using an encryption key derived from the first secret key.

5. A method according to claim 4, characterised in that the method further comprises the step of deriving (505) an encryption key from the first secret key.

6. A method according to any one of the claims 3 through 5, characterised in that the step of communicating data related to the subscription module further comprises the step of integrity protecting the data using a key derived from the first secret key.

7. A method according to claim 1 or 2, characterised in that the key-based authentication procedure is a public key-based authentication procedure wherein the subscription module has access to a public key related to the client communications terminal.

8. A method according to claim 7, characterised in that the method further comprises the step of authenticating the subscription module by the client communications terminal using the public key-based authentication procedure wherein the client communications terminal has access to a public key related to the subscription module.

9. A method according to claim 7 or 8, characterised in that the step of authenticating the client communications terminal further comprises the step of exchanging (605) between the client communications terminal and the subscription module a second secret key for use during cryptographic protection of the data related to the subscription module communicated between the server communications terminal and the client communications terminal via the communications link.

10. A method according to claim 9, characterised in that the step of communicating data related to the subscription module further comprises the step of encrypting the data using an encryption key derived from the second secret key.

11. A method according to claim 9 or 10, characterised in that the step of communicating data related to the subscription module further comprises the step of integrity protecting the data using a key derived from the second secret key.

12. A method according to any one of the claims 1 through 11, characterised in that the step of authenticating the client communications terminal further comprises the step of inquiring an input from a user of the server communications terminal indicative of an approval of the authentication.

13. A method according to any one of the claims 1 through 12, characterised in that the step of initiating communicating data related to the subscription module further comprises the step of performing a user authorisation based on a PIN code stored on the subscription module.

14. An arrangement for granting access to a subscription module (102; 302) in a communications system, the arrangement comprising a client communications terminal (106) and a server communications terminal (101) including the subscription module, the client and server communications terminals each comprising respective communications means (110, 104; 305) for establishing a communications link (115) between the client communications terminal and the server communications terminal, and for communicating data related to the subscription module between the server communications terminal and the client communications terminal via the communications link; characterised in that the subscription module further comprises processing means (103, 103a) adapted to authenticate the client communications terminal using a key-based authentication procedure, and to grant access to the subscription module conditioned on a result of the authentication procedure.

15. An arrangement according to claim 15, characterised in that the communications link is a wireless communications link.

16. An arrangement according to claim 14 or 16, characterised in that the server communications terminal, the communications means of the server communications terminal, and the subscription module are physically included in a single unit.

17. An arrangement according to any one of the claims 14 through 16, characterised in that at least one of the server communications terminal and the client communications terminal is a mobile telephone.

18. An arrangement according to any one of the claims 14 through 17, wherein the respective communications means are Bluetooth transceivers.

19. A server communications terminal (101) comprising a subscription module (102; 302) and communications means (104; 305) for establishing a communications link (115) with a client communications terminal (106) and for communicating data related to the subscription module with the client communications terminal via the communications link; characterised in that the subscription module comprises processing means (103, 103a) adapted to authenticate the client communications terminal using a key-based authentication procedure, and to grant access to the subscription module conditioned on a result of the authentication procedure.



20. A client communications terminal (106) comprising communications means (110) for establishing a communications link (115) with a server communications terminal (101) including a subscription module (102), and for communicating data related to the subscription module with the server communications terminal via the communications link; characterised in that the client communications terminal comprises processing means (109) adapted to perform a key-based authentication procedure cooperatively with the subscription module allowing the subscription module to authenticate the client communications terminal and to grant access to the subscription module conditioned on a result of the authentication procedure.

21. A subscription module (102; 302) for use with a server communications terminal (101), the server communications terminal including communications means (104; 305) for establishing a communications link (115) with a client communications terminal (106) and for communicating data related to the subscription module with the client communications terminal via the communications link; characterised in that the subscription module comprises processing means (103, 103a) adapted to, when the subscription module is in connection with the server communications terminal, authenticate the client communications terminal using a key-based authentication procedure, and to grant access to the subscription module conditioned on a result of the authentication procedure.

22. A subscription module according to claim 21, characterised in that the subscription module is a smart card.

23. A subscription module according to claim 22, characterised in that the smart card comprises an integrated radio transceiver.

24. A subscription module according to claim 21, characterised in that the subscription module is a security module comprising a removably insertable smart card.